Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Enterprise IT and security managers had a lot to worry about in 2024, such as the exploding number of vulnerabilities, increased volume of threats against their organizations, constant drumbeat of data breaches, and steady stream of user error and human behavior to manage. Also a big concern was the growing risk exposure as a result of their organizations' increased reliance on cloud technologies.
Respondents to Dark Reading's Strategic Security survey revealed growing concerns about risks tied to cloud services. In face of rising adoption of cloud services for data storage, applications, and business operations, organizations appear to be particularly worried about their dependence on cloud providers' security measures and their reduced control over data in cloud environments. Thirty-five percent of organizations, compared to just 23% in the 2023 survey, reported using between 10 and 29 cloud applications internally. Most organizations work with multiple cloud providers, which contribute to the visibility challenges. Just under half, or 48%, rely on two or three providers, and 60% use between two to five cloud service providers.
The near ubiquity of the cloud means organizations are increasingly concerned about cloud security threats. Exploits targeting cloud service providers was the top worry for almost half of the respondents (49.6%), followed closely by cloud services breaches and intrusions (47.8%). The lack of data visibility in cloud environments and inability to enforce security policies on cloud-stored data tied for third place (39.1%). In comparison, the 2023 survey revealed only 45% of respondents worried about cloud exploits, 38% worried about cloud services breaches, and 24% worried about the inability to enforce security policies in the cloud.
The complexity of cloud security is further highlighted by organizations' staffing and control concerns. Over-reliance on cloud service providers to detect data breaches was cited by 28.7% of respondents, while 19.1% expressed concern about unclear incident-response protocols with their cloud service providers. Notably, the percentage of organizations worried about their inability to enforce security policies on cloud-stored data increased significantly from 24.4% in 2023 to 39.1% in 2024, suggesting growing awareness of the challenges in maintaining security control in cloud environments. These findings indicate that while organizations continue to embrace cloud services, they struggle with visibility, control, and the division of security responsibilities between themselves and their cloud service providers.
Security teams have long grappled with the challenges posed by the shared responsibility model with cloud providers where the provider and the organization have to work together to handle their part of the security tasks. The survey found that organizations are increasingly including the challenges of shared responsibility models, data sovereignty issues and loss of control in their risk assessments. For instance, 39% are worried about risks tied to a lack of visibility in cloud environments and an identical proportion believed their inability to enforce enterprise data security policies in the cloud has put them at risk. Nearly three-in-10 (29%) are concerned about their over-reliance on cloud vendors to detect security issues.
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalVerification Request Identified
HighOut of Band XSS
InformationalUser Controllable JavaScript Event (XSS)
InformationalSec-Fetch-User Header is Missing
MediumInsecure JSF ViewState
LowInsufficient Site Isolation Against Spectre Vulnerability
Free online web security scanner